security

TÜV Trust IT tested the security functions of IE 8 using a specially designed methodology. More information can be found here (the page is in German). This validation comes one week after the annual Pwn2Own contest at the CanSecWest security show in Vancouver, where researchers demonstrated that they could hack a non-jailbroken iPhone, Safari running on Snow Leopard, and Internet Explorer 8 and Firefox on Windows 7.

To hack IE 8, Peter Vreugdenhil (an independent security researcher from the Netherlands) said he exploited two vulnerabilities in a four-part attack that involved bypassing ASLR (Address Space Layout Randomization) and evading DEP (Data Execution Prevention), which are designed to help stop attacks on the browser.

A recent report from the Messaging Anti-Abuse Working Group (MAAWG) shows that 46% of users would open messages sent to them containing either malicious files or spam email. The report covers North America and Western European countries. According to the same report, about 50% of the users would open the files inside the messages, follow the links sent to them, and also forward spam emails to their friends.

In addition, 15% of the users responded to the spam emails in order to check what would happen.

The report’s results raise concerns about the integrity of companies’ infrastructures and information, and give companies one more reason to block spam emails inside their networks, beyond network traffic and malicious software. Users’ lack of awareness of the severity of their actions, and of the security risks that arise from irresponsible behavior, is something companies already take into account; the MAAWG results are one more piece of information that confirms it.

Since June 2009 Google has been testing the https protocol with a view to using it across the whole Gmail service, so as to provide the best possible security for the information sent and received between the user’s browser and the company’s servers. During these months Google upgraded only the Gmail login page to encrypt the user’s username and password, while also offering users the option to enable https if they wanted to. On the 12th of January Google announced through the official Gmail Blog that https will be the default option from now on for all users, and only if the user wishes so can he or she go back to the unsecured http protocol.

Google has resolved several issues concerning the use of https in its services so far; there is still, though, an issue for users of offline Gmail. More information about the issue can be found here.